Yes, it is as safe as generating your keys using a local application. The key generation on our website is done client-side only. This means the key pairs are generated entirely in your web browser and they never leave your computer. Our website never sees any key related data or the key itself.

Can you tell me more about the keys you generate?

Sure. For starters, we enforce using a passphrase with each key generated. This ensures some level of protection if your key is ever stolen. We also automatically generate two subkeys for you, one for signing and the other for encryption. You can use your subkeys to sign and encrypt data and keep your private key safe. The bit length of generated subkeys will be identical to the length you specified for the primary key. The primary key we generate for you never expires. You can, however, set the expiration date on the generated subkeys using the 'Expire' option in the key generation form.

What is Elliptic Curve Cryptography?

Elliptic Curve Cryptography (ECC) is an approach to public-key cryptography based on the algebraic structure of elliptic curves over finite fields. One of the main benefits in comparison with non-ECC cryptography (with plain Galois fields as a basis) is the same level of security provided by keys of smaller size. For example, a 256-bit ECC public key should provide comparable security to a 3072-bit RSA public key. ECC is still not widely supported in many PGP client applications so we advise that you generate ECC keys only if you know what you're doing. You can read more about it at RFC 6637.

I'm concerned about my privacy. Do you keep or gather logs of any sort?

Our website is hosted entirely on Amazon's S3 and CloudFront platforms. All of our code is client-side. We have NO backend servers. Since we don't have a backend server we don't keep any logs. The only logging that occurs when you visit our website is performed by Google Analytics, which helps us keep track of the number of people visiting the site monthly.

Why does my web browser or computer slow down when I'm generating keys?

PGP key generation is a resource intensive process. As a result, your may experience increased CPU and memory usage on your device, which can result in performance issues. The performance impact depends on the hardware capabilities of your device.

About

A bit of information about us.

We wanted to make an easy to use, accessible, tool for people to generate PGP keys with. Today, the common methods for generating keys still involve going to a command prompt of a Linux/Unix machine and using the GPG utility , or installing a PGP compatible application on your desktop. We wanted to provide an easier way to generate keys. None of this would be possible without the awesome Open Source software we're utilizing. We're using KeyBase's awesome JavaScript implementation of PGP (kbpgp). For file saving capabilities we are utilizing Eli Grey's wonderful FileSaver.js interface.

Please note that this project is still a work in progress and that we'll making improvements and introducing more functionality in the near future. As a work in progress there are a number of issues we are aware of that we will resolve:

Currently we can only support ECC keys with length of 384 bits. We will support more sizes soon.

Setting expiration date of subkeys to 'Never' results in an expiration date of 8 years.

To generate multiple key pairs you'll have to refresh the page after each run; there is no way to reset the form.

If you have any questions, comments or would simply like to chat with us feel free to reach out at moc.edocnoegip@tcatnoc.